Merge pull request #217536 from ElazarK/doc-improvements

liljack17 · web-flow · commit 5e2da2654a10 · 2022-11-08T09:20:41.000-08:00
cloud security updates
diff --git a/articles/defender-for-cloud/TOC.yml b/articles/defender-for-cloud/TOC.yml
@@ -132,7 +132,7 @@
         href: recommendations-reference.md
       - name: Reference list of AWS recommendations
         href: recommendations-reference-aws.md
-      - name: Reference list of attack paths
+      - name: Reference list of attack paths and cloud security graph components
         href: attack-path-reference.md
   - name: Protect cloud workloads
     items:
diff --git a/articles/defender-for-cloud/attack-path-reference.md b/articles/defender-for-cloud/attack-path-reference.md
@@ -1,23 +1,25 @@
 ---
-title: Reference list of attack paths
+title: Reference list of attack paths and cloud security graph components
 titleSuffix: Defender for Cloud
 description: This article lists Microsoft Defender for Cloud's list of attack paths based on resource.
 ms.topic: reference
 ms.custom: ignite-2022
-ms.date: 09/21/2022
+ms.date: 11/08/2022
 ---
 
 
-# Reference list of attack paths
+# Reference list of attack paths and cloud security graph components
 
-This article lists the attack paths, connections and insights you might see in Microsoft Defender for Cloud. What you are shown in your environment depends on the resources you're protecting and your customized configuration.
+This article lists the attack paths, connections and insights you might see in Microsoft Defender for Cloud related to Defender for Cloud Security Posture Management (CSPM). What you are shown in your environment depends on the resources you're protecting and your customized configuration. You will need to [enable Defender for CSPM](enable-enhanced-security.md#enable-defender-plans-to-get-the-enhanced-security-features) to view your attack paths. Learn more about [the cloud security graph, attack path analysis, and the cloud security explorer?](concept-attack-path.md).
 
 To learn about how to respond to these attack paths, see [Identify and remediate attack paths](how-to-manage-attack-path.md).
 
 ## Attack paths
 
 ### Azure VMs
 
+Prerequisite: [Enable agentless scanning](enable-vulnerability-assessment-agentless.md).
+
 | Attack Path Display Name | Attack Path Description |
 |--|--|
 | Internet exposed VM has high severity vulnerabilities | Virtual machine '\[MachineName]' is reachable from the internet and has high severity vulnerabilities \[RCE] |
@@ -32,6 +34,8 @@ To learn about how to respond to these attack paths, see [Identify and remediate
 
 ### AWS VMs
 
+Prerequisite: [Enable agentless scanning](enable-vulnerability-assessment-agentless.md).
+
 | Attack Path Display Name	| Attack Path Description |
 |--|--|
 | Internet exposed EC2 instance has high severity vulnerabilities and high permission to an account | AWS EC2 instance '\[EC2Name]' is reachable from the internet, has high severity vulnerabilities\[RCE] and has '\[permission]' permission to account '\[AccountName]' |
@@ -43,6 +47,8 @@ To learn about how to respond to these attack paths, see [Identify and remediate
 
 ### Azure data
 
+Prerequisite: [Enable Microsoft Defender for SQL servers on machines](defender-for-sql-usage.md).
+
 | Attack Path Display Name	| Attack Path Description |
 |--|--|
 | Internet exposed SQL on VM has a user account with commonly used username and allows code execution on the VM | SQL on VM '\[SqlVirtualMachineName]' is reachable from the internet, has a local user account with commonly used username (which is prone to brute force attacks), and has vulnerabilities allowing code execution and lateral movement to the underlying VM |
@@ -52,18 +58,24 @@ To learn about how to respond to these attack paths, see [Identify and remediate
 
 ### AWS Data
 
+Prerequisite: [Enable Microsoft Defender for SQL servers on machines](defender-for-sql-usage.md).
+
 | Attack Path Display Name	| Attack Path Description |
 |--|--|
 | Internet exposed AWS S3 Bucket with sensitive data is publicly accessible | S3 bucket '\[BucketName]' with sensitive data is reachable from the internet and allows public read access without authorization required. For more details, you can learn how to [prioritize security actions by data sensitivity](./information-protection.md). |
 
 ### Azure containers
 
+Prerequisite: [Enable Defender for Containers](defender-for-containers-enable.md), and install the relevant agents in order to view attack paths that are related to containers. This will also give you the ability to [query](how-to-manage-cloud-security-explorer.md#build-a-query-with-the-cloud-security-explorer) containers data plane workloads in security explorer.
+
 | Attack Path Display Name	| Attack Path Description |
 |--|--|--|
 | Internet exposed Kubernetes pod is running a container with RCE vulnerabilities | Internet exposed Kubernetes pod '\[pod name]' in namespace '\[namespace]' is running a container '\[container name]' using image '\[image name]' which has vulnerabilities allowing remote code execution |
 | Kubernetes pod running on an internet exposed node uses host network is running a container with RCE vulnerabilities | Kubernetes pod '\[pod name]' in namespace '\[namespace]' with host network access enabled is exposed to the internet via the host network. The pod is running container '\[container name]' using image '\[image name]' which has vulnerabilities allowing remote code execution |
 
-## Insights and connections
+## Cloud security graph components list
+
+This section  lists all of the cloud security graph components (connections & insights) that can be used in queries with the [cloud security explorer](concept-attack-path.md).
 
 ### Insights
 
diff --git a/articles/defender-for-cloud/concept-attack-path.md b/articles/defender-for-cloud/concept-attack-path.md
@@ -4,14 +4,18 @@ description: Learn how to prioritize remediation of cloud misconfigurations and
 titleSuffix: Defender for Cloud attack path.
 ms.topic: conceptual
 ms.custom: ignite-2022
-ms.date: 09/21/2022
+ms.date: 11/08/2022
 ---
 
 # What are the cloud security graph, attack path analysis, and the cloud security explorer? 
 
+<iframe src="https://aka.ms/docs/player?id=36a5c440-00e6-4bd8-be1f-a27fbd007119" width="1080" height="530" allowFullScreen="true" frameBorder="0"></iframe>
+
 One of the biggest challenges that security teams face today is the number of security issues they face on a daily basis. There are numerous security issues that need to be resolve and never enough resources to address them all. 
 
-Defender for Cloud's contextual security capabilities assists security teams to assess the risk behind each security issue, and identify the highest risk issues that need to be resolved soonest. Defender for Cloud assists security teams to reduce the risk of an impactful breach to their environment in the most effective way. 
+Defender for Cloud's contextual security capabilities assists security teams to assess the risk behind each security issue, and identify the highest risk issues that need to be resolved soonest. Defender for Cloud assists security teams to reduce the risk of an impactful breach to their environment in the most effective way.
+
+All of these capabilities are available as part of the [Defender Cloud Security Posture Management](concept-cloud-security-posture-management.md) plan and the requiring the enablement of [agentless scanning for VMs](concept-agentless-data-collection.md)
 
 ## What is cloud security graph?
 
@@ -37,8 +41,11 @@ Using the cloud security explorer, you can proactively identify security risks i
 
 Cloud security explorer provides you with the ability to perform proactive exploration features. You can search for security risks within your organization by running graph-based path-finding queries on top the contextual security data that is already provided by Defender for Cloud. Such as, cloud misconfigurations, vulnerabilities, resource context, lateral movement possibilities between resources and more.
 
-Learn how to use the [cloud security explorer](how-to-manage-cloud-security-explorer.md), or check out the list of [insights and connections](attack-path-reference.md#insights-and-connections).
+Learn how to use the [cloud security explorer](how-to-manage-cloud-security-explorer.md), or check out the [cloud security graph components list](attack-path-reference.md#cloud-security-graph-components-list).
 
 ## Next steps
 
-[Identify and remediate attack paths](how-to-manage-attack-path.md)
+- [Enable Defender CSPM on a subscription](enable-enhanced-security.md#enable-enhanced-security-features-on-a-subscription)
+- [Identify and remediate attack paths](how-to-manage-attack-path.md)
+- [Enabling agentless scanning for machines](enable-vulnerability-assessment-agentless.md#enabling-agentless-scanning-for-machines)
+- [Build a query with the cloud security explorer](how-to-manage-cloud-security-explorer.md)
diff --git a/articles/defender-for-cloud/enable-vulnerability-assessment-agentless.md b/articles/defender-for-cloud/enable-vulnerability-assessment-agentless.md
@@ -33,7 +33,7 @@ When you enable agentless vulnerability assessment:
 
 ## Enabling agentless scanning for machines
 
-When you enable Defender [Defender Cloud Security Posture Management (CSPM)](concept-cloud-security-posture-management.md) or [Defender for Servers P2](defender-for-servers-introduction.md), agentless scanning is enabled on by default.
+When you enable [Defender Cloud Security Posture Management (CSPM)](concept-cloud-security-posture-management.md) or [Defender for Servers P2](defender-for-servers-introduction.md), agentless scanning is enabled on by default.
 
 If you have Defender for Servers P2 already enabled and agentless scanning is turned off, you need to turn on agentless scanning manually.
 
diff --git a/articles/defender-for-cloud/how-to-manage-attack-path.md b/articles/defender-for-cloud/how-to-manage-attack-path.md
@@ -4,7 +4,7 @@ titleSuffix: Defender for Cloud
 description: Learn how to manage your attack path analysis and build queries to locate vulnerabilities in your multicloud environment.
 ms.topic: how-to
 ms.custom: ignite-2022
-ms.date: 10/03/2022
+ms.date: 11/08/2022
 ---
 
 # Identify and remediate attack paths 
@@ -20,6 +20,7 @@ You can check out the full list of [Attack path names and descriptions](attack-p
 | Aspect | Details |
 |--|--|
 | Release state | Preview |
+| Prerequisite | - [Enable agentless scanning](enable-vulnerability-assessment-agentless.md) <br> - [Enable Defender for CSPM](enable-enhanced-security.md) <br> - [Enable Defender for Containers](defender-for-containers-enable.md), and install the relevant agents in order to view attack paths that are related to containers. This will also give you the ability to [query](how-to-manage-cloud-security-explorer.md#build-a-query-with-the-cloud-security-explorer) containers data plane workloads in security explorer. |
 | Required plans | - Defender Cloud Security Posture Management (CSPM) enabled |
 | Required roles and permissions: | - **Security Reader** <br> - **Security Admin** <br> - **Reader** <br> - **Contributor** <br> - **Owner** |
 | Clouds: | :::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds (Azure, AWS) <br>:::image type="icon" source="./media/icons/no-icon.png"::: Commercial clouds (GCP) <br>:::image type="icon" source="./media/icons/no-icon.png"::: National (Azure Government, Azure China 21Vianet) |
@@ -34,7 +35,9 @@ On this page you can organize your attack paths based on name, environment, path
 
 For each attack path you can see all of risk categories and any affected resources.
 
-The potential risk categories include Credentials exposure, Compute abuse, Data exposure, Subscription/account takeover.
+The potential risk categories include credentials exposure, compute abuse, data exposure, subscription and account takeover.
+
+Learn more about [the cloud security graph, attack path analysis, and the cloud security explorer?](concept-attack-path.md).
 
 ## Investigate and remediate attack paths
 
diff --git a/articles/defender-for-cloud/how-to-manage-cloud-security-explorer.md b/articles/defender-for-cloud/how-to-manage-cloud-security-explorer.md
@@ -4,7 +4,7 @@ titleSuffix: Defender for Cloud
 description: Learn how to build queries in cloud security explorer to find vulnerabilities that exist on your multicloud environment.
 ms.topic: how-to
 ms.custom: ignite-2022
-ms.date: 10/03/2022
+ms.date: 11/08/2022
 ---
 
 # Cloud security explorer
@@ -13,13 +13,16 @@ Defender for Cloud's contextual security capabilities assists security teams in
 
 By using the cloud security explorer, you can proactively identify security risks in your cloud environment by running graph-based queries on the cloud security graph, which is Defender for Cloud's context engine. You can prioritize your security team's concerns, while taking your organization's specific context and conventions into account.  
 
-With the cloud security explorer, you can query all of your security issues and environment context such as assets inventory, exposure to internet, permissions, lateral movement between resources and more. 
+With the cloud security explorer, you can query all of your security issues and environment context such as assets inventory, exposure to internet, permissions, lateral movement between resources and more.
+
+Learn more about [the cloud security graph, attack path analysis, and the cloud security explorer?](concept-attack-path.md).
 
 ## Availability
 
 | Aspect | Details |
 |--|--|
 | Release state | Preview |
+| Prerequisite | - [Enable agentless scanning](enable-vulnerability-assessment-agentless.md) <br> - [Enable Defender for CSPM](enable-enhanced-security.md) <br> - [Enable Defender for Containers](defender-for-containers-enable.md), and install the relevant agents in order to view attack paths that are related to containers. This will also give you the ability to [query](how-to-manage-cloud-security-explorer.md#build-a-query-with-the-cloud-security-explorer) containers data plane workloads in security explorer. |
 | Required plans | - Defender Cloud Security Posture Management (CSPM) enabled |
 | Required roles and permissions: | - **Security Reader** <br> - **Security Admin** <br> - **Reader** <br> - **Contributor** <br> - **Owner** |
 | Clouds: | :::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds (Azure, AWS) <br>:::image type="icon" source="./media/icons/no-icon.png"::: Commercial clouds (GCP) <br>:::image type="icon" source="./media/icons/no-icon.png"::: National (Azure Government, Azure China 21Vianet) |
@@ -72,4 +75,6 @@ You can review the [full list of recommendations, insights and connections](atta
 
 ## Next steps
 
-[Create custom security initiatives and policies](custom-security-policies.md)
+View the [reference list of attack paths and cloud security graph components](attack-path-reference.md)
+
+Learn about the [Defender CSPM plan options](concept-cloud-security-posture-management.md#defender-cspm-plan-options)
